Patchman incorrectly flags HWE kernel packages as updates for GA kernel installations when both kernel tracks are shipped in the same repository (e.g. noble-updates).
Environment
Patchman 4.0.18
Ubuntu 24.04 (Noble) hosts running GA kernel 6.8
Problem
On Ubuntu Noble, both GA kernels (6.8.x) and HWE kernels (6.17.x) are delivered via noble-updates/main. Patchman's kernel update logic matches packages by prefix (e.g. linux-image-*-generic) and then compares version numbers, without considering that the version number embedded in the package name indicates a different kernel track.
This results in false update entries like:
linux-headers-6.8.0-106-generic (6.8.0-106.106) → linux-headers-6.17.0-19-generic (6.17.0-19.1924.04.2)
linux-image-6.8.0-106-generic (6.8.0-106.106) → linux-image-6.17.0-19-generic (6.17.0-19.1924.04.2)
linux-modules-6.8.0-106-generic (6.8.0-106.106) → linux-modules-6.17.0-19-generic (6.17.0-19.19~24.04.2)
linux-modules-extra-6.8.0-106-generic → linux-modules-extra-6.17.0-19-generic
linux-tools-6.8.0-106-generic → linux-tools-6.17.0-19-generic
The host has linux-generic (GA meta-package) installed — not linux-generic-hwe-24.04. Running apt list --upgradable does not offer these packages as updates.
Why the priority fix (PR #773) doesn't help here
The repository priority mechanism introduced in PR #773 works when GA and HWE kernels come from different repositories with different priorities. However, on Ubuntu Noble both GA and HWE kernels are shipped in noble-updates (priority 500). Since both the old and new package come from the same repository, the priority filter has no effect.
Verified via database
sql-- The 6.17 HWE kernels come from noble-updates, same repo as GA kernels
SELECT pn.name, p.version, r.name
FROM packages_package p
JOIN packages_packagename pn ON p.name_id = pn.id
JOIN repos_mirrorpackage mp ON mp.package_id = p.id
JOIN repos_mirror m ON mp.mirror_id = m.id
JOIN repos_repository r ON m.repo_id = r.id
WHERE pn.name LIKE 'linux-image-6.17%';
-- Result: all from noble-updates/main with priority 500
-- False update mappings in packageupdate table
SELECT old_pn.name, old_p.version, old_p.release, ' --> ', new_pn.name, new_p.version, new_p.release
FROM packages_packageupdate pu
JOIN packages_package old_p ON pu.oldpackage_id = old_p.id
JOIN packages_packagename old_pn ON old_p.name_id = old_pn.id
JOIN packages_package new_p ON pu.newpackage_id = new_p.id
JOIN packages_packagename new_pn ON new_p.name_id = new_pn.id
WHERE new_pn.name LIKE 'linux-%-6.17%';
-- Result:
-- linux-headers-6.8.0-106-generic → linux-headers-6.17.0-19-generic
-- linux-image-6.8.0-106-generic → linux-image-6.17.0-19-generic
-- linux-modules-6.8.0-106-generic → linux-modules-6.17.0-19-generic
-- etc.
Suggested fix
When matching kernel packages by prefix for DEB systems, the logic should verify that the major kernel version in the package name matches. For example, linux-image-6.8.0--generic should only be compared against other linux-image-6.8.0--generic packages, not against linux-image-6.17.0-*-generic.
Alternatively, the installed kernel meta-package (linux-generic vs linux-generic-hwe-24.04) could be used to determine which kernel track the host is on.
Patchman incorrectly flags HWE kernel packages as updates for GA kernel installations when both kernel tracks are shipped in the same repository (e.g. noble-updates).
Environment
Patchman 4.0.18
Ubuntu 24.04 (Noble) hosts running GA kernel 6.8
Problem
On Ubuntu Noble, both GA kernels (6.8.x) and HWE kernels (6.17.x) are delivered via noble-updates/main. Patchman's kernel update logic matches packages by prefix (e.g. linux-image-*-generic) and then compares version numbers, without considering that the version number embedded in the package name indicates a different kernel track.
This results in false update entries like:
linux-headers-6.8.0-106-generic (6.8.0-106.106) → linux-headers-6.17.0-19-generic (6.17.0-19.19
24.04.2)24.04.2)linux-image-6.8.0-106-generic (6.8.0-106.106) → linux-image-6.17.0-19-generic (6.17.0-19.19
linux-modules-6.8.0-106-generic (6.8.0-106.106) → linux-modules-6.17.0-19-generic (6.17.0-19.19~24.04.2)
linux-modules-extra-6.8.0-106-generic → linux-modules-extra-6.17.0-19-generic
linux-tools-6.8.0-106-generic → linux-tools-6.17.0-19-generic
The host has linux-generic (GA meta-package) installed — not linux-generic-hwe-24.04. Running apt list --upgradable does not offer these packages as updates.
Why the priority fix (PR #773) doesn't help here
The repository priority mechanism introduced in PR #773 works when GA and HWE kernels come from different repositories with different priorities. However, on Ubuntu Noble both GA and HWE kernels are shipped in noble-updates (priority 500). Since both the old and new package come from the same repository, the priority filter has no effect.
Verified via database
sql-- The 6.17 HWE kernels come from noble-updates, same repo as GA kernels
SELECT pn.name, p.version, r.name
FROM packages_package p
JOIN packages_packagename pn ON p.name_id = pn.id
JOIN repos_mirrorpackage mp ON mp.package_id = p.id
JOIN repos_mirror m ON mp.mirror_id = m.id
JOIN repos_repository r ON m.repo_id = r.id
WHERE pn.name LIKE 'linux-image-6.17%';
-- Result: all from noble-updates/main with priority 500
-- False update mappings in packageupdate table
SELECT old_pn.name, old_p.version, old_p.release, ' --> ', new_pn.name, new_p.version, new_p.release
FROM packages_packageupdate pu
JOIN packages_package old_p ON pu.oldpackage_id = old_p.id
JOIN packages_packagename old_pn ON old_p.name_id = old_pn.id
JOIN packages_package new_p ON pu.newpackage_id = new_p.id
JOIN packages_packagename new_pn ON new_p.name_id = new_pn.id
WHERE new_pn.name LIKE 'linux-%-6.17%';
-- Result:
-- linux-headers-6.8.0-106-generic → linux-headers-6.17.0-19-generic
-- linux-image-6.8.0-106-generic → linux-image-6.17.0-19-generic
-- linux-modules-6.8.0-106-generic → linux-modules-6.17.0-19-generic
-- etc.
Suggested fix
When matching kernel packages by prefix for DEB systems, the logic should verify that the major kernel version in the package name matches. For example, linux-image-6.8.0--generic should only be compared against other linux-image-6.8.0--generic packages, not against linux-image-6.17.0-*-generic.
Alternatively, the installed kernel meta-package (linux-generic vs linux-generic-hwe-24.04) could be used to determine which kernel track the host is on.